Are organizations completely ready to stop cyberattacks?

Similar documents
MOBILE SECURITY. Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device)

WHITE PAPER > THE RISKS & REWARDS OF MOBILE BANKING APPS. The Risks & Rewards of Mobile Banking Apps

Webroot SecureAnywhere Business Endpoint Protection

Commissioned Study. SURVEY: Web Threats Expose Businesses to Data Loss

Commissioned Study. SURVEY: Mobile Threats are Real and Costly

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers

Mobile App Reputation

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

2012 Endpoint Security Best Practices Survey

Webroot Security Intelligence. The World s Most Powerful Real-Time Network Security Services

SAAS VS. ON-PREMISE SECURITY. Why Software-as-a-Service Is a Better Choice for and Web Threat Management

of firms with remote users say Web-borne attacks impacted company financials.

Lowering MSP TCO for Endomet Security Solutions

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES

Global IT Security Risks

REPORT Perimeter Security Defenses. State of Perimeter Security Defenses, Time to Think Different?

Federal Cyber Security Outlook for 2010

Insights from Collective Threat Intelligence

The Power of Multiples Best Practices for Selling Best-of-Breed Solutions

The Attacker s Target: The Small Business

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Is your business secure in a hosted world?

Business Attitudes Toward Cybersecurity 2014

Internet threats: steps to security for your small business

The Importance of Cyber Threat Intelligence to a Strong Security Posture

ESG Brief. Overview by The Enterprise Strategy Group, Inc. All Rights Reserved.

Combating a new generation of cybercriminal with in-depth security monitoring

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

10 steps to the Cloud for SMBs Introduction to Cloud computing. Ask the Experts. Making Business Work Better Online

Cloud-Client Enterprise Security Impact Report Increased Protection at a Lower Cost

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

BIG SHIFT TO CLOUD-BASED SECURITY

WHITE PAPER SPON. The Cloud Advantage: Increased Security and Lower Costs for SMBs. Published August 2012 SPONSORED BY

2012 NCSA / Symantec. National Small Business Study

2012 Bit9 Cyber Security Research Report

WHITE PAPER SPON. A Cloud-Client Architecture Provides Increased Security at Lower Cost. Published January 2012 SPONSORED BY

Managing Web Security in an Increasingly Challenging Threat Landscape

A PROVEN THREAT A TRUSTED SOLUTION MCCANN CYBER SECURITY SOLUTIONS

Security Intelligence Services.

Your Customers Want Secure Access

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

How To Protect Your Endpoints From Attack

AUTOMATED PENETRATION TESTING PRODUCTS

The Future of Network Security Sophos 2012 Network Security Survey

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

A REPORT ON WORKPLACE SECURITY

SITUATION SOLUTION BENEFITS SUPPORT PRODUCTS

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY

Global Corporate IT Security Risks: 2013

US companies experience and attitudes towards security threats

Research Results. April Powered by

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Windows XP End-of-Life Handbook for Upgrade Latecomers

The Path Ahead for Security Leaders

McAfee epolicy Orchestrator

Things To Do After You ve Been Hacked

IT Security: Enabled. Managed Security Beyond the Trusted Advisor Role

What SMBs Don t Know Can Hurt Them Perceptions vs. Reality in the New Cyber Threat Landscape

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

The Impact of Cybercrime on Business

Cybersecurity: A View from the Boardroom

Non-Geeks Guide to. Network Threat Prevention

2015 VORMETRIC INSIDER THREAT REPORT

Testing the Security of your Applications

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Healthcare Security: Improving Network Defenses While Serving Patients

White Paper. The benefits of basing and web security in the cloud. including cost, speed, agility and better protection

MANAGED SECURITY SERVICES (MSS)

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?

Corporate Security in 2016.

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

Attackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors. Microsoft Confidential for internal use only

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT -BASED THREATS

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Five reasons SecureData should manage your web application security

Securing Endpoints without a Security Expert

2011 NATIONAL SMALL BUSINESS STUDY

Streamlining Web and Security

Closing the Security Gap

Building The Business Case For Launching an App Store

Microsoft s cybersecurity commitment

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

The Five Most Common Cyber-Attack Myths Debunked

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

State of Security Survey GLOBAL FINDINGS

IBM Security re-defines enterprise endpoint protection against advanced malware

Collateral Effects of Cyberwar

Improving Cyber Security Risk Management through Collaboration

BUILDING THE CASE FOR CLOUD: HOW BUSINESS FUNCTIONS IN UK MANUFACTURERS ARE DRIVING PUBLIC CLOUD ADOPTION

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Security Intelligence

Global Survey: What s creating tension between IT and business leaders? April 2014

Why phishing is back as the No. 1 web threat, and how web security can protect your company

INTRODUCING isheriff CLOUD SECURITY

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Redefining Incident Response

Transcription:

Are organizations completely ready to stop cyberattacks? A research survey details the security perspective of IT decision makers in the US, UK, and Australia on resourcing, preparedness, and management effort expended on cybersecurity by small and medium sized businesses.

The nature of cyber threats has changed dramatically throughout the past five years. From our many discussions and exchanges with organizations, small to medium sized businesses (SMBs) are not fully equipped to manage IT security. Why? SMBs often believe they are too small for hackers to target, or that they have little of value that cybercriminals would choose to steal. Outside the technology sectors, SMBs often forget that their value to cybercriminals may lie in their potential, as their innovation and IP can lead to growth into tomorrow s large enterprises. In the past, the it won t happen to me attitude was largely sustainable for many SMBs. However, in today s world, the automation, commoditization, and low upfront costs of becoming a professional cybercriminal are such that it requires minimal skill to set up a cybercrime business and start trawling the internet for victims. Understandably, the under-protected, under-funded small to medium business makes for an attractive target. Data breaches at massive companies like Target and J.P. Morgan make dramatic headlines, but there are dozens of threats to smaller enterprises each week that don t make the news. In this global study by Wakefield Research, sponsored by Webroot, revealed that many businesses reported not being prepared to protect against cyber threats or address their aftereffects. This report examines the state of IT security in small and medium sized businesses, assesses their readiness in the face of modern threats, and details recommendations for IT decision makers to better secure their businesses in 2016. 1

How SMBs are Coping with IT Security Today At Webroot, we are constantly monitoring the state of IT security within small and medium businesses. To complement our Smarter Cybersecurity solutions and collective threat intelligence services, we commissioned new research on how small and medium businesses are preparing to stop cyberattacks and if outsourcing IT security would increase their cybersecurity. The results that follow cover three countries: US, UK, and Australia. In total, 700 IT decision-makers were surveyed across organizations with 1,000 employees or fewer. How is your IT security managed? 3% 5% Do not have the resources that specifically address IT security Non-IT employees who handle IT security with other responsibilities 32% Handle IT security along with other IT responsibilities 9% Outsource IT security - contract with managed service provider 24% Dedicated in-house IT security professional or team 27% A mix of in-house and outsourced IT security solutions Lack of resources and skills are a major issue within small to medium sized organizations. On average, less than a quarter of the organizations surveyed (24%) had a dedicated in-house cybersecurity team or individual. The majority surveyed (32%) had employees who handled cybersecurity along with other general IT responsibilities, followed by (27%) who had a mix of in-house and outsourced cybersecurity resources. However, only 14% of organizations relied solely on non-it staff or outsourced resources. 2

How do you rate your IT security preparedness? There is a direct correlation between the 24% of organizations with dedicated cybersecurity resources and the 24% who were far from, or only somewhat ready to handle online threats. In fact, only 37% of those surveyed reported they were completely ready to protect against and remediate threats, while 39% reported being almost ready. Thus, 63% of all surveyed were not completely confident in their readiness to counter attacks and protect themselves. 0% 3% 21% 37% 39% Never be ready to manage and Far from ready to manage and Somewhat ready to manage and Completely ready to manage and Almost ready to manage and What IT security threats are you completely prepared for? The study focused on four different security threat areas, including web, endpoint, network, and the insider threat. What emerged was a revealing insight into what respondents considered completely ready to manage and. Insider threats constituted the lowest percentage, with only 52% of organizations labelling themselves as completely ready to deal with these. Unsecured endpoints continue to cause major issues, as only 60% of respondents were confident they could respond to malware infecting a computer or mobile device. From these results, we can see that the majority of SMBs are not completely prepared to handle cybersecurity incidents within their organizations, even in key security areas. 8% None of these 52% 55% Insider threats, such as employees Unsecured internal and external networks (public Wi-Fi) 60% 64% Unsecured endpoints including PCs and smart devices Unsecure websites and phishing attempts 3

Fewer Resources than Enterprise IT Is your business prone to cybersecurity attacks because you don t have the same resources as larger enterprises? Skilled cybersecurity resources are in short supply in all sectors, so it s unsurprising that 59% of SMBs perceive themselves at a disadvantage to better funded enterprise organizations with more resources. The issue lies in acquiring or reallocating resources to address the lack without damaging the business bottom line. 15% 26% 37% 22% Disagree strongly Disagree somewhat Agree somewhat Agree strongly Not Enough Time to Keep Up on Cybersecurity Do you have enough time to stay up-to-date on cybersecurity threats? Keeping up with cybersecurity updates and the latest vulnerability patches is a crucial part of defending an organization. This graph and the next look at the time SMBs are able to dedicate to IT security matters. First we asked if respondents believed they had enough time to stay up-to-date on cybersecurity threats. More than half of respondents (55%) at least somewhat agreed that they do have enough time. 20% 24% 36% 19% Disagree strongly Disagree somewhat Agree somewhat Agree strongly 4

Ability to Handle a Cyberattack How confident are you that someone on your staff could thoroughly address a cyberattack? When asked how confident IT decision makers would be that someone on their staff could deal with a cyberattack, a surprising 84% responded confidently. Given the other responses to this survey, this was unexpected, and indicates a discrepancy and possible misperception of IT resources, knowledge, and capability to thoroughly address a cyberattack. The response is particularly optimistic when considered alongside the data in the next graph. 16% Unconfident (net) 84% Confident (net) 3% Very unconfident 13% Somewhat unconfident 50% Somewhat confident 50% Very confident Time Spent on Cybersecurity How much time did you spend on cybersecurity in the past 6 months? We asked IT decision makers how much time was spent actually working on cybersecurity issues over the past 6 months. An unexpected 56% reported having spent less than 17 hours (2 business days) in the past six months on cybersecurity. This is likely due to a lack of adequate IT support and resources dedicated to security education and prevention. 44% 21% 27% 8% 17 hours or more 9-16 hours 1-8 hours 0 hours 5

Outsourcing IT Solutions: Help or Hindrance Would outsourcing increase your bandwidth to address other areas? Many SMBs are outsourcing cybersecurity to managed services providers (MSPs) to make up for the lack of time and in-house expertise. 81% of respondents agreed such outsourcing would improve their bandwidth for addressing other tasks, while 53% agreed somewhat. 19% Disagree (net) 81% 5% 14% 53% 53% Agree (net) Disagree strongly Disagree somewhat Agree somewhat Agree strongly By what percentage do you expect to increase your Annual IT Security Budget for 2016? Given the daily news about breaches at major retailers and other organizations, the majority of SMBs plan to increase their cybersecurity budget in 2016. This chart shows 81% increasing their budget by an average of 22%. This should help SMBs considerably improve their security postures, as they acquire or improve on cybersecurity resources and practices. 22% 81% 12% 12% 19% 50% 7% Average (increase) Any (net) Plan to decrease annual security budget in 2016 50-100% 20-49% 1-19% No change 6

How much do you estimate the total cost of a cyberattack on your business would be in 2016? These figures from the survey illustrate why so many SMBs are planning to spend more on IT security in 2016. The impact of a cyberattack on lost customer records or other critical business data is severe. It s important to note there are some regional differences in the cost impact. The survey sample size for the US and Australia was very similar, while the UK had a 33% larger respondent group. This may explain the seemingly large differences in the graph. On average, however, between 37% and 47% of losses across all regions to a cyberattack would total at least a $100,000. 54% 19% 28% USA 63% 18% 19% 54% 24% 23% UK AUS Less than US $100,000 US $100,000 - US $499,000 US $5000,000 or more Financial Loss from Cyberattack by Region Cyberattack Loss by Survey Region When looking at the average losses measured in US dollars, we saw that losses in the US were considerably higher than in the UK or Australia. These estimates were based upon losses due to a potential cyberattack in 2016 that compromised customer or critical business records. US $522,660 UK $326,024 AUS $313,775 7

Regional Findings Of particular note in the findings is the similarity between the US, UK and Australia. On nearly every measure, the responses were very close in percentile terms. Universally, SMBs across these regions are in a very similar situation with regard to these measures and pain points. Notable disparities include: 50% of US respondents feel they don t have time to stay up-to-date latest cybersecurity threats, compared to 61% in Australia. Respondents in the US and UK also expressed more confidence in their endpoint protection capabilities (63%) than Australian respondents (55%). Conclusions and Recommendations Although SMBs appear more aware of cybersecurity-related risks to their organizations, many are still unsure or under-informed about their own readiness to handle such risks. SMBs would benefit from researching newer technologies and cybersecurity practices, such as next-generation endpoint protection and threat intelligence. Endpoint security should not only stop infections effectively, but should also automate security management. By reducing or eliminating time-consuming operational burdens, such as ensuring all devices have the latest software updates, maintaining on-premise management and update servers, remediating infections or reimaging machines manually, etc., SMBs can free up their IT resources for other tasks. The survey shows that respondents are open to strategies for improvement, with over 81% agreeing that outsourcing cybersecurity would improve their security posture and give them the bandwidth to address other critical areas of their business. With better targeting and funding, the goal of achieving that security posture is becoming increasingly attainable. For example, managed service providers can now deliver solutions that leverage new cloud-based cybersecurity architectures and allow organizations of all sizes to implement cost-effective protection that doesn t require high management costs or investing in new infrastructure. SMBs no longer need to go it alone. Through a carefully considered mix of stronger cybersecurity approaches, increased spending, and management outsourcing, they can deploy and maintain the same business security as larger enterprises, for a fraction of the cost. Survey Methodology The Webroot SMB Cybersecurity Survey was conducted by Wakefield Research among 300 IT decision-makers in the UK, 200 IT decision-makers in the US, and 200 IT decision-makers in Australia from SMBs between October 28th and November 12th, 2015, using an email invitation and an online survey. Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. For the interviews conducted in this particular study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 3.7 percentage points for the overall sample and by more than 5.7 percentage points for the UK audience and 6.9 percentage points for the US and Australia audiences from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample. About Webroot Webroot provides Smarter Cybersecurity solutions. We provide intelligent endpoint protection and threat intelligence services to secure the Internet of Everything. By leveraging our cloud-based collective threat intelligence platform, computers, tablets, smartphones, and more are protected from malware and other cyberattacks. Our award-winning SecureAnywhere intelligent endpoint protection and BrightCloud threat intelligence services protect tens of millions of consumer, business, and enterprise devices. Webroot technology is trusted and integrated into market-leading companies including Cisco, F5 Networks, HP, Microsoft, Palo Alto Networks, RSA, Aruba and many more. Webroot is headquartered in Colorado and operates globally across North America, Europe, and the Asia Pacific region. Discover Smarter Cybersecurity solutions at webroot.com. World Headquarters 385 Interlocken Crescent Suite 800 Broomfield, Colorado 80021 USA +1 800 772 9383 Webroot EMEA 6th floor, Block A 1 George s Quay Plaza George s Quay, Dublin 2, Ireland +44 (0) 870 1417 070 Webroot APAC Suite 1402, Level 14, Tower A 821 Pacific Highway Chatswood, NSW 2067, Australia +61 (0) 2 8071 1900 2015 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, Webroot SecureAnywhere, BrightCloud, Webroot BrightCloud, and Smarter Cybersecurity are trademarks or registered trademarks of Webroot Inc. in the United States and/or other countries. All other trademarks are properties of their respective owners. TR _ 120415 _ US 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information